{"vulnerability": "CVE-2024-3661", "sightings": [{"uuid": "bb501a47-d1e8-4338-bc70-67e5803172b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "8ef3179e-6ae2-42ba-9d27-75d713d75f20", "vulnerability": "CVE-2024-3661", "type": "seen", "source": null, "content": "", "creation_timestamp": "2024-10-18T12:32:30.523468Z"}, {"uuid": "dc73112f-59bb-49e5-bfa1-3d8db009896b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36616", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113567706088793753", "content": "", "creation_timestamp": "2024-11-29T18:41:12.974891Z"}, {"uuid": "85b99a1f-7738-4973-a2d1-b7f97863f7ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36612", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113567949816057557", "content": "", "creation_timestamp": "2024-11-29T19:43:11.158653Z"}, {"uuid": "a050afe3-45aa-474b-be7c-21d957c2aa81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36617", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113567599588222861", "content": "", "creation_timestamp": "2024-11-29T18:14:07.148689Z"}, {"uuid": "d90dea11-ada3-46ae-9aa6-b0ac5b2213e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36610", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113567949801954696", "content": "", "creation_timestamp": "2024-11-29T19:43:10.908220Z"}, {"uuid": "fe043580-d4b5-41dc-a04f-01bc76f9892a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36615", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113567706073953125", "content": "", "creation_timestamp": "2024-11-29T18:41:12.055312Z"}, {"uuid": "70a47d74-ea1f-43d5-b90e-8d5915771de8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36618", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113567599602165408", "content": "", "creation_timestamp": "2024-11-29T18:14:07.505206Z"}, {"uuid": "a07e44d1-b95c-4fe7-b9bd-a64b24c527ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36613", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113765752883797445", "content": "", "creation_timestamp": "2025-01-03T18:07:06.341586Z"}, {"uuid": "77a6d948-b41b-42b4-957b-752a995cf208", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "published-proof-of-concept", "source": "https://t.me/itsec_news/4400", "content": "\u200b\u26a1\ufe0fTunnelVision: \u043d\u0438 \u043e\u0434\u0438\u043d VPN-\u0441\u0435\u0440\u0432\u0438\u0441 \u0431\u043e\u043b\u044c\u0448\u0435 \u043d\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u043c\n\n\ud83d\udcac\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Leviathan Security \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u0443\u044e \u0443\u0433\u0440\u043e\u0437\u0443 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0443\u044e \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0441\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 (VPN).\n\n\u0410\u0442\u0430\u043a\u0430, \u043d\u0430\u0437\u0432\u0430\u043d\u043d\u0430\u044f \u00abTunnelVision\u00bb \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2024-3661 (CVSS: 7,6 \u0438\u0437 10), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0445\u0430\u043a\u0435\u0440\u0430\u043c \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u0438 \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0442\u0440\u0430\u0444\u0438\u043a, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0434\u043e\u043b\u0436\u0435\u043d \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0442\u044c\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u0437\u0430\u0449\u0438\u0449\u0451\u043d\u043d\u044b\u0439 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0442\u0443\u043d\u043d\u0435\u043b\u044c. \u042d\u0442\u043e\u0442 \u043c\u0435\u0442\u043e\u0434 \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u0435\u0442 \u0440\u0438\u0441\u043a\u0430\u043c \u043e\u0434\u043d\u0443 \u0438\u0437 \u043a\u043b\u044e\u0447\u0435\u0432\u044b\u0445 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 VPN \u2014 \u0441\u043e\u043a\u0440\u044b\u0442\u0438\u0435 IP-\u0430\u0434\u0440\u0435\u0441\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438 \u0437\u0430\u0449\u0438\u0442\u0443 \u0435\u0433\u043e \u0434\u0430\u043d\u043d\u044b\u0445 \u043e\u0442 \u043f\u0440\u043e\u0441\u043b\u0443\u0448\u043a\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u044f\u0446\u0438\u0438 \u0441 DHCP-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u0442 IP-\u0430\u0434\u0440\u0435\u0441\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0438\u0445\u0441\u044f \u043a \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438. \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0443, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0443\u044e \u043a\u0430\u043a \u00ab \u043e\u043f\u0446\u0438\u044f 121 \u00bb, \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u0438\u0442\u044c VPN-\u0442\u0440\u0430\u0444\u0438\u043a \u0447\u0435\u0440\u0435\u0437 \u0441\u0432\u043e\u0439 \u0441\u0435\u0440\u0432\u0435\u0440, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u0435\u043c\u0443 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0435\u043c\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435.\n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b Leviathan Security \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u0442\u0430\u043a\u043e\u0439 \u043f\u043e\u0434\u0445\u043e\u0434 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0438\u043c \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u044b \u0432 \u0442\u0430\u0431\u043b\u0438\u0446\u0435 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u043e\u0431\u0445\u043e\u0434\u044f \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 VPN-\u0442\u0443\u043d\u043d\u0435\u043b\u044c. \u041e\u043d\u0438 \u0434\u0430\u0436\u0435 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0432\u0438\u0434\u0435\u043e \u0441 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0430\u0446\u0438\u0435\u0439 \u0430\u0442\u0430\u043a\u0438.\n\n\u0410\u0442\u0430\u043a\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (\u043a\u0440\u043e\u043c\u0435 Android, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u00ab\u043e\u043f\u0446\u0438\u044e 121\u00bb), \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044f \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u044b\u0435 \u0440\u0438\u0441\u043a\u0438 \u0434\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0438\u0445\u0441\u044f \u043a \u0441\u0435\u0442\u044f\u043c, \u043d\u0430\u0434 \u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 \u043e\u043d\u0438 \u043d\u0435 \u0438\u043c\u0435\u044e\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f. \u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u0441 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c\u0438 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0432\u043d\u0443\u0442\u0440\u0438 \u0441\u0435\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c DHCP-\u0441\u0435\u0440\u0432\u0435\u0440 \u0442\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, \u0447\u0442\u043e\u0431\u044b \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0434\u043e\u0431\u043d\u0443\u044e \u0430\u0442\u0430\u043a\u0443.\n\n\u041a\u043e\u0432\u0430\u0440\u043d\u043e\u0441\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e VPN-\u043a\u043b\u0438\u0435\u043d\u0442 \u0432 \u043b\u044e\u0431\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e, \u0447\u0442\u043e \u0432\u0441\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u0435\u0440\u0435\u0434\u0430\u044e\u0442\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u0437\u0430\u0449\u0438\u0449\u0451\u043d\u043d\u043e\u0435 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435, \u043e\u0434\u043d\u0430\u043a\u043e \u043d\u0430 \u0434\u0435\u043b\u0435 \u0431\u0443\u0434\u0435\u0442 \u0441\u043e\u0432\u0441\u0435\u043c \u043d\u0435 \u0442\u0430\u043a. \u0424\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438, \u043b\u044e\u0431\u043e\u0439 \u0442\u0440\u0430\u0444\u0438\u043a, \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u0438\u0437 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0442\u0443\u043d\u043d\u0435\u043b\u044f, \u043d\u0435 \u0431\u0443\u0434\u0435\u0442 \u043d\u0438\u043a\u0430\u043a \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d, \u0438 \u0431\u0443\u0434\u0435\u0442 \u043f\u0440\u0438\u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0442\u044c \u0442\u043e\u0439 \u0441\u0435\u0442\u0438, \u043a \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0444\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0451\u043d \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c, \u0430 \u043d\u0435 \u0442\u043e\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0443\u043a\u0430\u0437\u0430\u043d\u0430 VPN-\u043a\u043b\u0438\u0435\u043d\u0442\u043e\u043c.\n\n\u041d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043d\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442. \u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u0435\u0440\u044b, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u043e\u0432, \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u043c\u043e\u0447\u044c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u0432\u0445\u043e\u0434\u044f\u0449\u0438\u0439 \u0438 \u0438\u0441\u0445\u043e\u0434\u044f\u0449\u0438\u0439 \u0442\u0440\u0430\u0444\u0438\u043a, \u043d\u043e \u043d\u0435 \u0440\u0435\u0448\u0430\u044e\u0442 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e. \u0410\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u044b\u0435 \u043c\u0435\u0442\u043e\u0434\u044b \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 VPN \u0432\u043d\u0443\u0442\u0440\u0438 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u044b \u0438\u043b\u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0447\u0435\u0440\u0435\u0437 \u0442\u043e\u0447\u043a\u0443 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 Leviathan Security \u043f\u043e\u0434\u0447\u0451\u0440\u043a\u0438\u0432\u0430\u0435\u0442 \u0432\u0430\u0436\u043d\u043e\u0441\u0442\u044c \u0432\u043d\u0438\u043c\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0432\u044b\u0431\u043e\u0440\u0430 \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0439, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u0432 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0445 \u0438\u043b\u0438 \u043d\u0435\u043d\u0430\u0434\u0451\u0436\u043d\u044b\u0445 \u0441\u0435\u0442\u044f\u0445. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0434\u043e\u043b\u0436\u043d\u044b \u0431\u044b\u0442\u044c \u043e\u0441\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u044b \u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0440\u0438\u0441\u043a\u0430\u0445 \u0438 \u043d\u0438\u043a\u043e\u0433\u0434\u0430 \u0441\u043b\u0435\u043f\u043e \u043d\u0435 \u0434\u043e\u0432\u0435\u0440\u044f\u0442\u044c VPN-\u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c \u0438 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c \u0430\u043d\u043e\u043d\u0438\u043c\u0430\u0439\u0437\u0435\u0440\u0430\u043c, \u0442\u0430\u043a \u043a\u0430\u043a \u0438\u043d\u043e\u0433\u0434\u0430 \u0442\u0430\u043a\u043e\u0435 \u0434\u043e\u0432\u0435\u0440\u0438\u0435 \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043a\u043e\u043d\u0447\u0438\u0442\u044c\u0441\u044f \u043a\u0440\u0430\u0439\u043d\u0435 \u043f\u043b\u0430\u0447\u0435\u0432\u043d\u043e.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-05-07T13:47:48.000000Z"}, {"uuid": "43e64dc5-85dc-4f1a-a015-e6ba35c35622", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "published-proof-of-concept", "source": "Telegram/HutSTIgnWKRslQI1nHEqCVKWuOFRo_54ehGM6dg1VV15iEI", "content": "", "creation_timestamp": "2025-11-28T03:00:08.000000Z"}, {"uuid": "5e252cbf-0bf7-4106-b9d2-1f3f0299d88d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "seen", "source": "Telegram/qhixn4lk77AJuAqYYFt40tmhnfu76-WUGOaGBlVneA8LZI4", "content": "", "creation_timestamp": "2024-05-09T21:19:23.000000Z"}, {"uuid": "d6d382c6-81e1-41a5-ad8f-8e1b9f212f30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-f792178a-2f20e849f4ae9ab9", "content": "", "creation_timestamp": "2025-05-20T08:36:27.205759Z"}, {"uuid": "5c5b54f8-d7db-46b2-b10d-d55d44bdf6f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36616", "type": "seen", "source": "https://gist.github.com/Darkcrai86/d4b1a38863b6a56fd60b4594084a9b41", "content": "", "creation_timestamp": "2025-10-16T07:46:53.000000Z"}, {"uuid": "c259767a-db4b-49c5-98ff-2e8d4564588a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36618", "type": "seen", "source": "https://gist.github.com/Darkcrai86/d4b1a38863b6a56fd60b4594084a9b41", "content": "", "creation_timestamp": "2025-10-16T07:46:53.000000Z"}, {"uuid": "a541fb1b-fbdd-4cdb-876c-5c8933494017", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36613", "type": "seen", "source": "https://gist.github.com/Darkcrai86/d4b1a38863b6a56fd60b4594084a9b41", "content": "", "creation_timestamp": "2025-10-16T07:46:53.000000Z"}, {"uuid": "f0130377-f517-41c5-bb24-a71000eda93d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36619", "type": "seen", "source": "https://gist.github.com/Darkcrai86/d4b1a38863b6a56fd60b4594084a9b41", "content": "", "creation_timestamp": "2025-10-16T07:46:53.000000Z"}, {"uuid": "c74bc145-5c02-41fa-80b4-1f49c09715c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "published-proof-of-concept", "source": "https://t.me/habr_com_news/27495", "content": "6 \u043c\u0430\u044f 2024 \u0433\u043e\u0434\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u043e \u0418\u0411 \u0438\u0437 Leviathan \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0433\u043e \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u0434\u0435\u0442\u0430\u043b\u0438 \u0430\u0442\u0430\u043a\u0438 TunnelVision (CVE-2024-3661), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u0438\u0442\u044c VPN-\u0442\u0440\u0430\u0444\u0438\u043a \u0447\u0435\u0440\u0435\u0437 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u044f\u0446\u0438\u0438 \u0441 DHCP \u043f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u0438\u043b\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0435 \u043d\u0430\u0434 \u0431\u0435\u0441\u043f\u0440\u043e\u0432\u043e\u0434\u043d\u043e\u0439 \u0441\u0435\u0442\u044c\u044e.\n\n#\u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c", "creation_timestamp": "2024-05-07T11:05:02.000000Z"}, {"uuid": "92865098-1320-4c54-8d17-bf483f73d9c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36613", "type": "seen", "source": "https://t.me/cvedetector/14239", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-36613 - FFmpeg DXA Demuxer Integer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-36613 \nPublished : Jan. 3, 2025, 6:15 p.m. | 38\u00a0minutes ago \nDescription : FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-03T20:21:59.000000Z"}, {"uuid": "23bd4daf-6942-4c53-bc61-fd044db168ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "seen", "source": "Telegram/F7FeZNOnSTifRSgn_D1NIv8spICWla4VctpEm95JTJ8h-iTZ", "content": "", "creation_timestamp": "2024-05-13T06:36:38.000000Z"}, {"uuid": "86d2e0fb-af5b-4bf5-8382-cba082c1d7ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36610", "type": "seen", "source": "https://t.me/cvedetector/11687", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-36610 - A deserialization vulnerability exists in the Stub\", \n  \"Content\": \"CVE ID : CVE-2024-36610 \nPublished : Nov. 29, 2024, 8:15 p.m. | 16\u00a0hours, 20\u00a0minutes ago \nDescription : A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-30T14:04:31.000000Z"}, {"uuid": "684d0ea6-1366-47ed-8242-8fb7c83553d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "seen", "source": "Telegram/HAYd5Rkf6UYn71vjEfsqQdTbdXMO9WTdk_LFvKCs1pyxzg", "content": "", "creation_timestamp": "2024-05-09T23:49:50.000000Z"}, {"uuid": "da61a1e5-306a-41c8-a5aa-5ba1e5203fd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36612", "type": "seen", "source": "https://t.me/cvedetector/11692", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-36612 - Zulip from 8.0 to 8.3 contains a memory leak vulne\", \n  \"Content\": \"CVE ID : CVE-2024-36612 \nPublished : Nov. 29, 2024, 8:15 p.m. | 16\u00a0hours, 20\u00a0minutes ago \nDescription : Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-30T14:04:38.000000Z"}, {"uuid": "3da47cfa-3d28-40b8-8940-cc5d02f5b7cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/125", "content": "\u200aMajor VPN Flaw Exposed: \u201cTunnelVision\u201d (CVE-2024-3661) Threatens Security on Public Networks\n\nhttps://securityonline.info/major-vpn-flaw-exposed-tunnelvision-cve-2024-3661-threatens-security-on-public-networks/", "creation_timestamp": "2024-05-07T12:31:14.000000Z"}, {"uuid": "4f5667d1-c22c-492e-bf3e-1281a6ac6be5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/7269", "content": "The Hacker News\nNew TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation\n\nResearchers have detailed a Virtual Private Network (VPN) bypass technique dubbed&nbsp;TunnelVision&nbsp;that allows threat actors to snoop on victim's network traffic by just being on the same local network.\nThe \"decloaking\"&nbsp;method&nbsp;has been assigned the CVE identifier&nbsp;CVE-2024-3661&nbsp;(CVSS score: 7.6). It impacts all operating systems that implement a DHCP client and has", "creation_timestamp": "2024-05-09T23:49:49.000000Z"}, {"uuid": "8de5d388-e80a-498b-adb7-f103043d60c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "published-proof-of-concept", "source": "Telegram/97A0fViJJN4Xo09iVFrZAyJP803fpJAsEg5uejq8Eb-jEA", "content": "", "creation_timestamp": "2024-05-09T22:09:16.000000Z"}, {"uuid": "b5676ce4-b5b4-4ded-940b-8a91efbd68cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/1363", "content": "The Hacker News\nNew TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation\n\nResearchers have detailed a Virtual Private Network (VPN) bypass technique dubbed&nbsp;TunnelVision&nbsp;that allows threat actors to snoop on victim's network traffic by just being on the same local network.\nThe \"decloaking\"&nbsp;method&nbsp;has been assigned the CVE identifier&nbsp;CVE-2024-3661&nbsp;(CVSS score: 7.6). It impacts all operating systems that implement a DHCP client and has", "creation_timestamp": "2024-05-09T23:49:49.000000Z"}, {"uuid": "27a5ca86-0a1a-4267-a924-6af55d922559", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "seen", "source": "https://t.me/softrinx/134442", "content": "https://nvd.nist.gov/vuln/detail/CVE-2024-3661", "creation_timestamp": "2024-05-08T13:35:32.000000Z"}, {"uuid": "79371786-1bec-44ba-b871-763fc77d87dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "seen", "source": "https://t.me/softrinx/336", "content": "https://nvd.nist.gov/vuln/detail/CVE-2024-3661", "creation_timestamp": "2024-05-08T13:35:32.000000Z"}, {"uuid": "5dbcb676-ccf7-4720-9765-6ae61575470b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "seen", "source": "Telegram/PuBv4qr8iQ2pV2w9bAxiF8CsqRvYd2zNk5QLDTKGFI6agiU", "content": "", "creation_timestamp": "2024-05-08T13:45:41.000000Z"}, {"uuid": "7dfad627-b01e-4d81-a05c-6a3b2317cc2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "seen", "source": "https://t.me/KomunitiSiber/1918", "content": "New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation\nhttps://thehackernews.com/2024/05/new-tunnelvision-attack-allows.html\n\nResearchers have detailed a Virtual Private Network (VPN) bypass technique dubbed\u00a0TunnelVision\u00a0that allows threat actors to snoop on victim's network traffic by just being on the same local network.\nThe \"decloaking\"\u00a0method\u00a0has been assigned the CVE identifier\u00a0CVE-2024-3661\u00a0(CVSS score: 7.6). It impacts all operating systems that implement a DHCP client and has", "creation_timestamp": "2024-05-09T21:21:09.000000Z"}, {"uuid": "a5b53f71-8210-4cf2-ab90-88446ecd71a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5710", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Leviathan Security Group \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043d\u043e\u0432\u043e\u0433\u043e \u043c\u0435\u0442\u043e\u0434\u0430 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c TunnelVision, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0432\u0448\u0435\u0433\u043e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043b\u044e\u0431\u043e\u0439 VPN \u0435\u0449\u0435 \u0441 2002 \u0433\u043e\u0434\u0430.\n\nCVE-2024-3661 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 7.6 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0442\u0435\u043c, \u0447\u0442\u043e \u043f\u043e \u0441\u0432\u043e\u0435\u0439 \u043a\u043e\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b DHCP \u043d\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u044c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043e\u043f\u0446\u0438\u044e \u0431\u0435\u0441\u043a\u043b\u0430\u0441\u0441\u043e\u0432\u043e\u0433\u043e \u0441\u0442\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0430 (121).\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0438\u043c\u0435\u044e\u0449\u0438\u0439 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f DHCP, \u043c\u043e\u0436\u0435\u0442 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0430\u043c\u0438 \u0434\u043b\u044f \u0442\u043e\u0433\u043e, \u0447\u0442\u043e\u0431\u044b \u0432\u044b\u0432\u0435\u0441\u0442\u0438 \u0442\u0440\u0430\u0444\u0438\u043a \u0446\u0435\u043b\u0435\u0432\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438\u0437 \u0435\u0433\u043e VPN-\u0442\u0443\u043d\u043d\u0435\u043b\u044f, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 DHCP.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u0435\u0449\u0435 \u0432 2015 \u0433\u043e\u0434\u0443\u00a0\u0432\u044b\u0445\u043e\u0434\u0438\u043b\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0435 \u0441 \u0443\u0442\u0435\u0447\u043a\u043e\u0439 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u043e\u0432 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0447\u0435\u0440\u0435\u0437 DHCP \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441, \u043d\u043e \u043d\u0435 \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u043b\u043e \u043e\u043f\u0446\u0438\u044e DHCP 121. \n\n\u041f\u043e\u0437\u0436\u0435 \u0432 \u0430\u0432\u0433\u0443\u0441\u0442\u0435 2023 \u0433\u043e\u0434\u0430\u00a0\u0431\u044b\u043b \u0440\u0430\u0441\u043a\u0440\u044b\u0442 TunnelCrack, \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0432\u0448\u0438\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 VPN-\u0442\u0440\u0430\u0444\u0438\u043a\u0430.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u043d\u0438 \u043e\u0434\u0438\u043d \u0438\u0437 \u043c\u0435\u0442\u043e\u0434\u043e\u0432, \u043e\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0445 \u0432 TunnelCrack, \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b \u043e\u043f\u0446\u0438\u044e DHCP 121 \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u043e\u0432.\n\n\u0422\u0435\u043f\u0435\u0440\u044c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u0438\u0437\u0443\u0447\u0438\u0432 \u0432\u043e\u043f\u0440\u043e\u0441, \u043a\u043e\u043c\u0430\u043d\u0434\u0430 Leviathan \u0441\u043c\u043e\u0433\u043b\u0430 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0435 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438 TunnelVision, \u0432\u0438\u0434\u0435\u043e \u0441 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0430\u0446\u0438\u0435\u0439 PoC \u0438 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 \u0430\u0442\u0430\u043a \u043d\u0430 GitHub.\n\n\u041f\u0440\u0438\u0447\u0435\u043c TunnelVision \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u041e\u0421, \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0449\u0438\u0445 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u044b DHCP-\u043e\u043f\u0446\u0438\u0438 121, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Windows, Linux, iOS \u0438 MacOS. \n\nAndroid \u0444\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043d\u0435 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442 \u0438\u0437-\u0437\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u043e\u043f\u0446\u0438\u0438 121 DHCP.\n\n\u0427\u0442\u043e \u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 TunnelVision, \u0442\u043e \u044d\u0442\u043e \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0439 \u0432\u043e\u043f\u0440\u043e\u0441, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u043d\u0435 \u0441 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u044f\u043c\u0438 VPN, \u0430 \u043f\u0440\u0435\u0436\u0434\u0435 \u0432\u0441\u0435\u0433\u043e, \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u0431\u0430\u0437\u043e\u0432\u044b\u043c\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u043c\u0438 \u0441\u0435\u0442\u0438 \u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u041f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043c\u0435\u0440 \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0441\u0442\u0432 \u0438\u043c\u0435\u043d \u0432 Linux \u0434\u043b\u044f \u0438\u0437\u043e\u043b\u044f\u0446\u0438\u0438 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u0432 \u043e\u0442 \u043e\u0431\u0449\u0438\u0445 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u043e\u0432 \u0442\u0440\u0430\u0444\u0438\u043a\u0430.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0434\u043b\u044f \u0434\u0440\u0443\u0433\u0438\u0445 \u041e\u0421 \u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0442.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0441\u0432\u044f\u0437\u0430\u043b\u0438\u0441\u044c \u0441 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430\u043c\u0438 VPN, \u043d\u043e \u0441 \u0443\u0447\u0435\u0442\u043e\u043c \u0438\u0445 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0447\u0438\u0441\u043b\u0430 \u043e\u0431\u0440\u0430\u0442\u0438\u043b\u0438\u0441\u044c \u043a EFF \u0438 CISA \u0434\u043b\u044f \u0431\u043e\u043b\u0435\u0435 \u0448\u0438\u0440\u043e\u043a\u043e\u0439 \u043e\u0433\u043b\u0430\u0441\u043a\u0438 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u0432 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\u0412\u0435\u0434\u044c, \u043a\u0430\u043a \u0432\u044b\u044f\u0441\u043d\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430\u044f \u0442\u0435\u0445\u043d\u0438\u043a\u0430 \u0444\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u043c\u0430 \u0441 2002 \u0433\u043e\u0434\u0430 \u0438 \u0432\u043f\u043e\u043b\u043d\u0435 \u043c\u043e\u0433\u043b\u0430 \u0443\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0439 \u0436\u0438\u0437\u043d\u0438 \u043e\u0441\u043e\u0431\u043e \u043f\u0440\u043e\u0434\u0432\u0438\u043d\u0443\u0442\u044b\u043c\u0438 \u0430\u043a\u0442\u043e\u0440\u0430\u043c\u0438.", "creation_timestamp": "2024-05-07T16:30:06.000000Z"}, {"uuid": "38f0365b-21a8-4900-acad-70aab180e790", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10464", "content": "#Threat_Research\n1. TunnelVision (CVE-2024-3661):\nHow Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak\nhttps://www.leviathansecurity.com/blog/tunnelvision\n2. Tiny Proxy Vulnerability (CVE-2023-49606)\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2023-1889", "creation_timestamp": "2024-05-07T23:31:43.000000Z"}, {"uuid": "c1f106bb-5384-4a98-aa6a-488c6b5c94e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "seen", "source": "https://t.me/thehackernews/4935", "content": "Researchers have uncovered a vulnerability (CVE-2024-3661) that allows threat actors to snoop on your VPN traffic. \n \nNamed \"TunnelVision,\" the attack works by abusing a DHCP option to alter your device's routing table. \n \nDetails here: https://thehackernews.com/2024/05/new-tunnelvision-attack-allows.html", "creation_timestamp": "2024-05-09T20:00:05.000000Z"}, {"uuid": "e1cda61b-12b1-48e9-91a1-986b8761e76e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3661", "type": "exploited", "source": "https://t.me/SecLabNews/15168", "content": "TunnelVision:  Leviathan Security \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0441\u043b\u0430\u0431\u044b\u0435 \u043c\u0435\u0441\u0442\u0430 VPN\n\n\ud83e\udd78 \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Leviathan Security \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u0443\u044e \u0443\u0433\u0440\u043e\u0437\u0443 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0443\u044e \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0441\u0435 VPN \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f. \n\n\ud83c\udd98 \u0410\u0442\u0430\u043a\u0430, \u043d\u0430\u0437\u0432\u0430\u043d\u043d\u0430\u044f \u00abTunnelVision\u00bb, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2024-3661 (CVSS: 7,6 \u0438\u0437 10), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0445\u0430\u043a\u0435\u0440\u0430\u043c \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u0438 \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0442\u0440\u0430\u0444\u0438\u043a, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0434\u043e\u043b\u0436\u0435\u043d \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0442\u044c\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u0437\u0430\u0449\u0438\u0449\u0451\u043d\u043d\u044b\u0439 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0442\u0443\u043d\u043d\u0435\u043b\u044c.\n\n\ud83d\udc4b \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u044f\u0446\u0438\u0438 \u0441 DHCP-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u0442 IP-\u0430\u0434\u0440\u0435\u0441\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0438\u0445\u0441\u044f \u043a \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438. \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0443, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0443\u044e \u043a\u0430\u043a \u00ab\u043e\u043f\u0446\u0438\u044f 121\u00bb, \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u0438\u0442\u044c VPN-\u0442\u0440\u0430\u0444\u0438\u043a \u0447\u0435\u0440\u0435\u0437 \u0441\u0432\u043e\u0439 \u0441\u0435\u0440\u0432\u0435\u0440, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u0435\u043c\u0443 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0435\u043c\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435.\n\n#VPN #SecurityBreach #TunnelVision @SecLabNews", "creation_timestamp": "2024-05-07T17:19:12.000000Z"}]}